This analysis examines the distribution trends of Infostealer malware in May 2025. It highlights the use of SEO poisoning to distribute malware disguised as cracks and keygens. LummaC2, Vidar, StealC, Rhadamanthys, and Amadey were the main Infostealers observed. Distribution methods included posts on legitimate websites, forums, and Q&A pages. Malware was primarily distributed in EXE format (95.4%), while DLL side-loading decreased (4.6%). Notable trends include the emergence of BAT script malware, the use of the Wormhole file-sharing service for distribution, and the use of Unicode characters in archive passwords to bypass security measures. The report provides insights into distribution volumes, methods, and disguises based on data collected and analyzed by advanced security systems.

Author: AlienVault
Related Tags:
unicode passwords
wormhole
keygens
dll-sideloading
bat script
T1204.001
stealc
rhadamanthys
T1059.001
Associated Indicators:
SHA256:
9D153A59F7A0C6D457F71D0643FEF5E3C60984C2DA3564E9236FE6DF834F1B60
E18A8C681F7F2876A5A4D2F550CC63D4FF25C05AB942D80C4D3A71DCE497D4BA
SHA1:
3455A11CC4E698C4FC931BF822920972192577DC
33FDB830D5DEDB058654725035C904C85180269D
2E83C4EE2A8F68DF5DADA72F7CC5AE0EB857C023
MD5:
00D9C70434CDF4D83DD9B98E644597FA
13A137BD40D2E80631643EDB02C1C3EC
119A118372A79CFD77A033C852BD3F90
004C10450F71260BFAECF6AF97412749